77afaf12ff239213bae212a0e7d4d79e9e645334e96e75524b2e378673c2d127

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04-06-2024 04:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.Win32.Dh-A.16159.32509.exe
Size

12KB
MD5

5e9fcc2dc20ebc2da3a412af37dd0fd5
SHA1

b81e1a892ed990e6edf6aba01be9d2b9d6b93c8b
SHA256

77afaf12ff239213bae212a0e7d4d79e9e645334e96e75524b2e378673c2d127
SHA512

7984fc3ec3ac3fe97cdd5b29d46e6a670285b4b4fa2f5c2dbaba30545fef2adc5f3d6d729ebe520c72fee362f430c1d4a152a931ed201b2708fec33d0de7d717
SSDEEP

192:zabI16JNGIT8N6BORFKvftUs8bf3PALPl5GjQ8WXftGZlLGm2AMWlJdxqHgrM91x:E9NGIIXsKAyimIm6WlJj+n

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 12 IoCs

pid	Process
1300	242604042510465.exe
2792	242604042526340.exe
2360	242604042540918.exe
4516	242604042552605.exe
4728	242604042604355.exe
2624	242604042614996.exe
2052	242604042631746.exe
832	242604042642668.exe
1288	242604042652730.exe
4492	242604042707074.exe
668	242604042717261.exe
4088	242604042728043.exe

Suspicious use of WriteProcessMemory 48 IoCs

description	pid	Process	procid_target
PID 3236 wrote to memory of 3756	3236	SecuriteInfo.com.Win32.Dh-A.16159.32509.exe	97
PID 3236 wrote to memory of 3756	3236	SecuriteInfo.com.Win32.Dh-A.16159.32509.exe	97
PID 3756 wrote to memory of 1300	3756	cmd.exe	98
PID 3756 wrote to memory of 1300	3756	cmd.exe	98
PID 1300 wrote to memory of 2740	1300	242604042510465.exe	100
PID 1300 wrote to memory of 2740	1300	242604042510465.exe	100
PID 2740 wrote to memory of 2792	2740	cmd.exe	101
PID 2740 wrote to memory of 2792	2740	cmd.exe	101
PID 2792 wrote to memory of 3056	2792	242604042526340.exe	103
PID 2792 wrote to memory of 3056	2792	242604042526340.exe	103
PID 3056 wrote to memory of 2360	3056	cmd.exe	104
PID 3056 wrote to memory of 2360	3056	cmd.exe	104
PID 2360 wrote to memory of 4308	2360	242604042540918.exe	105
PID 2360 wrote to memory of 4308	2360	242604042540918.exe	105
PID 4308 wrote to memory of 4516	4308	cmd.exe	106
PID 4308 wrote to memory of 4516	4308	cmd.exe	106
PID 4516 wrote to memory of 4612	4516	242604042552605.exe	107
PID 4516 wrote to memory of 4612	4516	242604042552605.exe	107
PID 4612 wrote to memory of 4728	4612	cmd.exe	108
PID 4612 wrote to memory of 4728	4612	cmd.exe	108
PID 4728 wrote to memory of 3260	4728	242604042604355.exe	110
PID 4728 wrote to memory of 3260	4728	242604042604355.exe	110
PID 3260 wrote to memory of 2624	3260	cmd.exe	111
PID 3260 wrote to memory of 2624	3260	cmd.exe	111
PID 2624 wrote to memory of 3012	2624	242604042614996.exe	112
PID 2624 wrote to memory of 3012	2624	242604042614996.exe	112
PID 3012 wrote to memory of 2052	3012	cmd.exe	113
PID 3012 wrote to memory of 2052	3012	cmd.exe	113
PID 2052 wrote to memory of 2636	2052	242604042631746.exe	121
PID 2052 wrote to memory of 2636	2052	242604042631746.exe	121
PID 2636 wrote to memory of 832	2636	cmd.exe	122
PID 2636 wrote to memory of 832	2636	cmd.exe	122
PID 832 wrote to memory of 4412	832	242604042642668.exe	123
PID 832 wrote to memory of 4412	832	242604042642668.exe	123
PID 4412 wrote to memory of 1288	4412	cmd.exe	124
PID 4412 wrote to memory of 1288	4412	cmd.exe	124
PID 1288 wrote to memory of 5072	1288	242604042652730.exe	125
PID 1288 wrote to memory of 5072	1288	242604042652730.exe	125
PID 5072 wrote to memory of 4492	5072	cmd.exe	126
PID 5072 wrote to memory of 4492	5072	cmd.exe	126
PID 4492 wrote to memory of 1536	4492	242604042707074.exe	129
PID 4492 wrote to memory of 1536	4492	242604042707074.exe	129
PID 1536 wrote to memory of 668	1536	cmd.exe	130
PID 1536 wrote to memory of 668	1536	cmd.exe	130
PID 668 wrote to memory of 2444	668	242604042717261.exe	131
PID 668 wrote to memory of 2444	668	242604042717261.exe	131
PID 2444 wrote to memory of 4088	2444	cmd.exe	132
PID 2444 wrote to memory of 4088	2444	cmd.exe	132

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Dh-A.16159.32509.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Dh-A.16159.32509.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3236
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604042510465.exe 000001
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3756
- - C:\Users\Admin\AppData\Local\Temp\242604042510465.exe
    C:\Users\Admin\AppData\Local\Temp\242604042510465.exe 000001
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:1300
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604042526340.exe 000002
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\242604042526340.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604042526340.exe 000002
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2792
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604042540918.exe 000003
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\242604042540918.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604042540918.exe 000003
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2360
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604042552605.exe 000004
        8⤵
        Suspicious use of WriteProcessMemory
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\242604042552605.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604042552605.exe 000004
        9⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4516
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604042604355.exe 000005
        10⤵
        Suspicious use of WriteProcessMemory
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\242604042604355.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604042604355.exe 000005
        11⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4728
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604042614996.exe 000006
        12⤵
        Suspicious use of WriteProcessMemory
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\242604042614996.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604042614996.exe 000006
        13⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2624
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604042631746.exe 000007
        14⤵
        Suspicious use of WriteProcessMemory
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\242604042631746.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604042631746.exe 000007
        15⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2052
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604042642668.exe 000008
        16⤵
        Suspicious use of WriteProcessMemory
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\242604042642668.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604042642668.exe 000008
        17⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:832
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604042652730.exe 000009
        18⤵
        Suspicious use of WriteProcessMemory
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\242604042652730.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604042652730.exe 000009
        19⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1288
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604042707074.exe 00000a
        20⤵
        Suspicious use of WriteProcessMemory
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\242604042707074.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604042707074.exe 00000a
        21⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4492
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604042717261.exe 00000b
        22⤵
        Suspicious use of WriteProcessMemory
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\242604042717261.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604042717261.exe 00000b
        23⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:668
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604042728043.exe 00000c
        24⤵
        Suspicious use of WriteProcessMemory
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\242604042728043.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604042728043.exe 00000c
        25⤵
        Executes dropped EXE
        
        PID:4088

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\242604042510465.exe

Filesize
13KB

MD5
53bb6e36147d11dbce66d587814cde09

SHA1
601b31d910e3b5b1dea4959c31992bbc1bad888c

SHA256
9c721a18261701dcc981206cd052b3d8288ecd3519253a662c487bd4dc085d7b

SHA512
925b90a43905850dbbcbef8608b72bacebfeda9da8342e6c01af7c6481cc20a8c603a742fcd4fcfb5702f8983c89ae72a4156280a1d21bf876fa44ceaa6eb73f

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604042526340.exe

Filesize
12KB

MD5
f139a6a9da33356c986c98775e0559c0

SHA1
30ea865e57f865cef082f3785330cbe4feb2287f

SHA256
1af57a9af58e488e78f02956d16d309ea910289e7fd4d3c93c5d0a7d27820af4

SHA512
7d9acb3982591813fb37efb69464fe5b39b19cae213cd24389f8d8efcd8c8cb227dccb5e9aca89faa7570729fe9005d4eb83fbeaada96bc38f3b63302b53a168

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604042540918.exe

Filesize
13KB

MD5
0e8cca0f1b6511c83a35a64b0d18b475

SHA1
ecfb12b2db7f6f19b9eb7ad26d7ec28958461732

SHA256
a5d2144576e13225ccc88c8794faa57a6289732d8dd45be3d92fdb82a815eabf

SHA512
0d6bd209a7dc3e92afe3d9795756c6a684f538b7aee8faadc6c0f98d48d0781a4764bd9eaaf8bc52fefb493cd04493660efc6c0d9210d2f1b9836415d07d7550

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604042552605.exe

Filesize
13KB

MD5
7817e6be907b213a92ad687509d882c2

SHA1
f056a95e701a2aeeed66394ec9be5bd528b45786

SHA256
6707a2f3f44e7d06996d7b1b099903710fc967b250e87a38e52491a9de35e04d

SHA512
b32c1f4bd95139f2da6321d689e833dbf57354e777803848674b94dbc7073fc2db3f204a7710f56ec6da7eb42be0435cae33344bcfea021cd4c958c1307f8c15

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604042604355.exe

Filesize
13KB

MD5
a56aa710419b1db5782560287684058b

SHA1
60603e2cb5217250c1e6233b9f0e83d0e6b33557

SHA256
071c9b7ee093c24bed885c380497f576b7db62f213dab5588468923a2710ead0

SHA512
a943c2fc6c9f065f8441ee53987b7f3cb50a237a4dd8b8e5606cc5d63bd1894bfe12a09b49831849b9a673651675330df05343ce29cd855ea73e6891f25e62d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604042614996.exe

Filesize
13KB

MD5
cfa093fe3ddee7e639afb641d932809f

SHA1
e830b8b4815c51b5fc07282db134bb85be458005

SHA256
a1c002d3d1840d67fd19886ce0f5797978ff89d7af5ce75b8ed38d23d134acee

SHA512
b92d07da308d392ce00b005a3f042394b06621ea316a0c1e4132c8a81c984e479c408a657731c79413bf1e7fbff34462692c3ce6d162a054d0d77c52d8f62c5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604042631746.exe

Filesize
13KB

MD5
36a77b4a8da1edcba75670253fdd72e8

SHA1
9acdb81c5639e6336f74c30517838de17b365ce6

SHA256
4230b7c355c0f2e8d98bc8941a3c78ee8a8ad8ab5a077ee2f950619a8336de0c

SHA512
15127587780aa7b053fcd1ae27dda942e030050855074473c2c20aa02e7f83726148d7d870c2e3ed47a7d4d32d2d2720dc243ab1f80135ae8898a7a11725eeef

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604042642668.exe

Filesize
13KB

MD5
a4de83b6c5a15e3179695dea4bb092d6

SHA1
aa7dc39b28f458608efba212a5620637598269dd

SHA256
0c0f324c1227f3120f01825bbda411232f5f7bf8b7352d30c276710a62f321e5

SHA512
378e4ce5b2158357ac72ff7e1378a73dbc7332bf89b4317110c4a68b4af07736faedff1aca17f076027863bd8c0f0521c7671b48242760da631c70ef740f4101

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604042652730.exe

Filesize
12KB

MD5
b8040513747b3eb0e7904418319e4915

SHA1
e22e44b7cc3c022a8db7cdd1e7f1486fc29b3751

SHA256
f2c519a75948a4b24765b4ce3b23ca128d048005c9fac76fd3cdd1661ae088ed

SHA512
9018d6087fd046de47baf146d1866aac9f28423d9080c4cd7db1fc442f4f284d5fd56d6e25efca950f69972178ef1a89f6ba969d658e839d84d294a4ab2539e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604042707074.exe

Filesize
12KB

MD5
ef9596749e707fa93d1d67c69bbee766

SHA1
f1c382cda6deb2b72b243fddd664cbe21a6ea22e

SHA256
703529920f2d8a6cfe98292712625eb47b60bc028bf4c54a105d95bd32db3de0

SHA512
8efe5482bc91791bd6ef2b665f0af5d70cf2dc519eed6712ad75d1964559f236911abed5640231289a670bfadeeed46c0cd2b211d8f42248b066f1b3cadd8f2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604042717261.exe

Filesize
12KB

MD5
c0ae27d03ba8e9791fb2730986048e12

SHA1
83a1c44b55eb7e9b3ed99de81bf2c89d910ea791

SHA256
80575c75f1d024112485f4324b0265170a302fb2db28bab369b26f4b323c9be6

SHA512
e9aabc1b752f8039e363b29a48b236b19fd72ea4522e8e45d691ba3c4eae1e896bc23c117965015d06c49a8bcf6d1ca08c48ec4a24b6d5a75c8a0869896495f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604042728043.exe

Filesize
12KB

MD5
f76f45078e4a9551ab0db64f72ff2dcc

SHA1
47d516f1b8dc2a720416abce28170164edb1f068

SHA256
2851720b6c1b76e64da89adec89a3f8f4b92b3c8dac44055cb97a677c3527fd2

SHA512
c978ba8e0c9068dcc85ddd0d3190c3b240495969954bea3eb784a1402965f1e723c8a1b791993204cb40883dc7420d5ec6a7b83ad01475c0d385ef5ece6a75d3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads